<?php
/**
 * This file is part of php-agenda.
 * 
 * php-agenda is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * php-agenda is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with php-agenda; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 * 
 * Copyright 2006, Thomas Abeel
 * 
 * Project: http://sourceforge.net/projects/php-agenda/
 * 
 */
?>
<?php
if(!isset($redirectprefix)){
	$redirectprefix="";
}
$tmp_user="";
$tmp_pass="";
if (isset ($_POST["user"])) {
	$_SESSION["user"] = $_POST["user"];
	unset ($_POST["user"]);
}
if (isset ($_POST["pass"])) {
	$_SESSION["pass"] = md5($_POST["pass"]);
	unset ($_POST["pass"]);
}

if (isset ($_SESSION["user"])) {
	$tmp_user = $_SESSION["user"];
} 
if (isset ($_SESSION["pass"])) {
	$tmp_pass = $_SESSION["pass"];

}

if ($tmp_user == "" or $tmp_pass == "") { //show login
	//echo "Either the user or the password is empty.";
	header('Location: '.$redirectprefix.'login.php?empty');
	die();
} else {
	$recordSetSec = & $db->Execute("select id,display_name, md5pass from users where display_name='$tmp_user' and md5pass='$tmp_pass'");
	if (!$recordSetSec) {
		//echo "The password and/or username are wrong or do not exist";
		header('Location: '.$redirectprefix.'login.php?error1');

	} else {
		//echo "We've found records...";
		//echo "Validating...";
		$count = 0;
		while (!$recordSetSec->EOF) {
			$count++;
			$_SESSION["pass"] = $tmp_pass;
			$_SESSION["id"] = $recordSetSec->fields["id"];
			$_SESSION["user"] = $tmp_user;
			$recordSetSec->MoveNext();
		}
		if ($count == 1) {
			//FALL THROUGH
		} else {
			//echo "The password and/or username are wrong or do not exist";
			header('Location: '.$redirectprefix.'login.php?error2');
		}
	}
	
}
?>
